New Consumers Union report catalogs the potential collateral damage from the crypto wars

In a new white paper, Consumers Union (publishers of Consumer Reports) looks at the "consumer stake in the encryption debate": they note that governments want to ban working cryptography so that cops can spy on crooks, but the report does an excellent job enumerating all the applications for crypto beyond mere person-to-person communications privacy.

Crypto, after all, is the way that manufacturers authenticate their software updates for devices, secure the transmissions between those devices, and protect the integrity of sensitive information like financial transactions, vehicle telemetry, and health data.

Posing the crypto wars as finding a balance between your right to privacy and cops' ability to fight crime misses out on these important equities. Asking us to give up working crypto is also asking us to give up the certainty that our medical implants, cars and voting machines aren't being remotely sabotaged.

Cryptography is essential to the delivery of these updates, as it allows a device to know who is installing what. Manufacturers use digital signatures to ensure that only genuine updates are delivered, guarding against code that might be sent from malicious actors, such as criminals looking to remotely turn on microphones, steal data, or attack other nearby devices.

This is not a theoretical danger: Users of Adobe Flash, Android, and multiple web browsers have been targeted in the past with invitations to download and install fake software updates.

The problem could become more acute as consumers adopt a coming tidal wave of new software-driven devices. Mobile phones have become omnipresent and virtually omniscient personal assistants, with minority and vulnerable consumers being especially likely to be dependent on smartphones for their access to the internet. Homes are becoming “smarter” as embedded, largely invisible computer chips control televisions, refrigerators, thermostats, home cameras, and light switches. Even cars — once the quintessential mechanical product — now depend heavily on digital technologies.

To use all of these digital products and services, consumers must blindly trust hundreds of millions of lines of computer code as they navigate their day-to-day lives. And just as programmers spend their days creating and improving their code, hackers work hard at finding vulnerabilities that can enable them to turn baby monitors into spy devices, infiltrate mobile phones and laptops, and potentially even control a car’s brakes and steering. Many of these vulnerabilities carry the risk of being exploited in an environment where the stakes are high: Hackers have remotely hijacked connected Jeeps, redirected yachts by “spoofing” GPS coordinates, and locked home thermostats at 99 degrees Fahrenheit. If these connected products used encryption, it would be much harder for hackers to exploit these vulnerabilities and place consumers at risk.

